{
  "threat_severity" : "Moderate",
  "public_date" : "2024-11-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: netfilter: nft_payload: sanitize offset and length before calling skb_checksum()",
    "id" : "2324886",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2324886"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.", "An incorrect buffer length flaw was found in the Linux kernel's netfilter subsystem. A local user could trigger the nft_payload_set_eval function and use this issue to crash the system." ],
  "statement" : "The security impact is limited because this issue is handled by BUG_ON() and only privileged user can trigger it.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10939",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.16.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10939",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.16.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-50251\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50251\nhttps://lore.kernel.org/linux-cve-announce/2024110937-CVE-2024-50251-66dc@gregkh/T" ],
  "name" : "CVE-2024-50251",
  "csaw" : false
}